Index: net/base/x509_certificate.cc |
diff --git a/net/base/x509_certificate.cc b/net/base/x509_certificate.cc |
index 915838897e80ac7c5517c19357aa59f706969dbd..1deb56e652a94b5600f2e0a4eef23837e52b0cc4 100644 |
--- a/net/base/x509_certificate.cc |
+++ b/net/base/x509_certificate.cc |
@@ -603,6 +603,12 @@ int X509Certificate::Verify(const std::string& hostname, int flags, |
rv = MapCertStatusToNetError(verify_result->cert_status); |
} |
+ if (verify_result->has_md2 || verify_result->has_md4 || |
+ verify_result->has_md5) { |
palmer
2011/10/24 18:22:31
wtc does not want to ban MD5 yet. To ban MD5, and
wtc
2011/10/24 22:41:14
The signatures in the self-signed certificates of
Ryan Sleevi
2011/10/24 23:16:32
The logic currently includes roots (both has_mdX a
|
+ verify_result->cert_status |= CERT_STATUS_WEAK_SIGNATURE_ALGORITHM; |
+ rv = MapCertStatusToNetError(verify_result->cert_status); |
+ } |
+ |
return rv; |
} |